Daily Ruleset Update Summary 2017/09/29

[***]            Summary:            [***]

5 new Open, 19 new Pro (5 + 14). Win32/Formgrabber, MSIL/Kryptik.KSP, Various Phishing.

Thanks: @AttackDetection, @illegalfawn

[+++]          Added rules:          [+++]

Open:

2024779 - ET CURRENT_EVENTS DNS Query For Browser Cryptocurrency Mining Domain (current_events.rules)
2024781 - ET TROJAN Win32/Formgrabber Data Exfil (trojan.rules)
2024782 - ET CURRENT_EVENTS Successful Banco do Brasil Phish M1 Sep 29 2017 (current_events.rules)
2024783 - ET CURRENT_EVENTS Successful Banco do Brasil Phish M2 Sep 29 2017 (current_events.rules)
2024784 - ET CURRENT_EVENTS Successful Banco do Brasil Phish M3 Sep 29 2017 (current_events.rules)

Pro:

2828093 - ETPRO TROJAN Win32/CoinMiner CnC Check-in POST Request (trojan.rules)
2828094 - ETPRO TROJAN DNS Query to Cerber Domain (sg9lxh . bid) (trojan.rules)
2828095 - ETPRO TROJAN DNS Query to Cerber Domain (1dofqx . top) (trojan.rules)
2828096 - ETPRO TROJAN DNS Query to Cerber Domain (17q8f6 . top) (trojan.rules)
2828097 - ETPRO TROJAN DNS Query to Cerber Domain (1fdlhn . top) (trojan.rules)
2828098 - ETPRO TROJAN DNS Query to Cerber Domain (1d88b8 . top) (trojan.rules)
2828099 - ETPRO TROJAN DNS Query to Cerber Domain (x4tk5c . bid) (trojan.rules)
2828100 - ETPRO TROJAN DNS Query to Cerber Domain (1gqj8x . top) (trojan.rules)
2828101 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-29 1) (trojan.rules)
2828102 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-29 2) (trojan.rules)
2828103 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-29 3) (trojan.rules)
2828104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-29 4) (trojan.rules)
2828105 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-29 5) (trojan.rules)
2828107 - ETPRO TROJAN MSIL/Kryptik.KSP CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2022992 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M2 Jul 29 2016 (current_events.rules)
2023951 - ET TROJAN MAGICHOUND.FETCH CnC Beacon (trojan.rules)
2024777 - ET TROJAN [PTsecurity] Malicious SSL connection (Upatre Downloader CnC) 4 (trojan.rules)
2809235 - ETPRO TROJAN Blaknight.A/HawkEye Connectivity Check (trojan.rules)
2812468 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug 14 2015 (current_events.rules)
2812469 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug 14 2015 (current_events.rules)
2812686 - ETPRO CURRENT_EVENTS Successful Wells Fargo/CIBC Bank Phish Aug 25 2015 M1 (current_events.rules)
2814054 - ETPRO TROJAN njRAT Outbound Inbound (pnj-q8) (trojan.rules)
2814714 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 3 2015 M1 (current_events.rules)
2814715 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 3 2015 M2 (current_events.rules)
2816733 - ETPRO CURRENT_EVENTS Successful Phish to Compromised Wordpress Site Mar 23 2016 (current_events.rules)
2820683 - ETPRO CURRENT_EVENTS Successful Chase Phish Jun 15 2016 (current_events.rules)
2821170 - ETPRO CURRENT_EVENTS Successful Centurylink Account Phish Jul 15 2016 (current_events.rules)
2826980 - ETPRO TROJAN Win32/Filecoder.AB POST with System Info (trojan.rules)

[---]         Removed rules:         [---]

2024779 - ET TROJAN DNS Query For Browser Cryptocurrency Mining Domain (trojan.rules)

Date: Friday, September 29, 2017 - 00:00